In this scenario, EFS metadata is not maintained, and only the current user can decrypt the file. However, you expect that EFS metadata will be maintained and that the user whom you added in step 7 is still there.

Cause

If an application opens and saves a file by using the replacefile() API, and if that file was encrypted by using EFS when more than one certificate was present, the resulting file will contain only the certificate of the user who saved the file. This behavior is by design.